MariaDB & Galera
JEROME DELIEGE / PAYMENT SERVICES / FINANCIAL SOLUTIONS
About : Jérôme Deliège
Head of IT Operations at Ingenico Financial Solutions
● Datacenter Infrastructure
● Virtualisation and Solaris Linux systems
● Information security
● Database Administration
● Network
● Previously: The Brussels Airport Company, Université Catholique de Louvain
Ingenico Financial Solutions : E-Money Context
● Platform needed for accounting of E-Money product related aspects
● E-Money is a product sold in exchange for deposit money, the digital equivalent of cash
● Basically the E-Money platform is a bank accounting system with wallet functionality
● PCI-DSS v3 compliant
● And lots of business options …
Ingenico Financial Solutions : Product lines
● Wallet
  ● Fully compliant e-Money setup. Mostly sold as a White Label licensing solution, with the platform as a service
● Collect
  ● Built on top of the e-Money platform
  ● Collect accounting is done in the e-Money platform
  ● Multi payment methods, either directly as acquired or through different third party acquirers
1. Technical Architecture
Philosophy
● We built it because in 2007 there were no solutions that fit
● Origin in mobile payments, so scalability was key
● High availability needs to be inherent, no SPOF
● Financial correctness and compliance top priorities
● Use of Stored Procedures for every DB interaction
● Modularity is key to be able to move fast, release is a non-event
● Limited number of external technology providers
● Master and manage everything within the organisation
Microservices architecture
● 100% Virtualized
● 110 VM in PROD
● 8 Servers in PROD
Source : tigerteam.dk
BACKOFFICE - PHP XML-RPC + ISO8583
Load-balanced Services
● Linux Virtual Server (LVS) + Keepalived
● Direct Routing (no NAT!)
● Load equally shared between the two chains
“Failover balanced” Databases
● High write percentage (30%)
● Understand the Galera limitations (Hot rows)
● Used for High-Availability
● Graceful failover and fallback
● Ensure consistency between the nodes
2. Security Features
MariaDB & Galera support for encryption
● Encrypt the traffic between the client and the server
● Client / Server certificate validation
● Encrypt the traffic between the cluster nodes (Galera configuration support for IST and SST)
● Encrypt the backups done with Xtrabackup
Schrodinger’s Backup: "The condition of any backup is unknown until a restore is attempted."
PAM Authentication Plugin
● Support LDAP Authentication
● Built-in
● Supported by various tools and command line
● J/M/L process
● Can be used for two-factor authentication
Server Audit Plugin
● Solve the PCI requirement 10 easily “Track and monitor all access to network resources and cardholder data”
● Built-in
● Option to prevent the plugin from being removed while the server is running
● You can configure which user and which event you want to audit
● New : REGEX can be applied to hide sensitive information
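Added example, not part of the original slides: a small Python check that reads a my.cnf and reports which of the encryption and audit settings listed in the "MariaDB & Galera support for encryption" and "Server Audit Plugin" slides are missing. The option names are MariaDB and Galera settings; the sample configuration, its paths and the function names are constructed for illustration.

```python
import configparser

# Constructed my.cnf fragment (not from the presentation); paths are placeholders.
SAMPLE_CNF = """
[mysqld]
ssl_ca = /etc/mysql/tls/ca.pem
ssl_cert = /etc/mysql/tls/server-cert.pem
ssl_key = /etc/mysql/tls/server-key.pem
wsrep_provider_options = "gcache.size=1G"
plugin_load_add = server_audit
server_audit_logging = ON
server_audit = FORCE

[sst]
encrypt = 0
"""

def _load(text):
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    # my.cnf accepts ssl-cert and ssl_cert alike, so normalise the option names.
    cp.optionxform = lambda k: k.strip().lower().replace("-", "_")
    cp.read_string(text)
    return cp

def _get(cp, section, key):
    if cp.has_section(section) and cp.has_option(section, key):
        return (cp.get(section, key) or "").strip().strip("\"'")
    return ""

def findings(text):
    """Return a list of gaps against the encryption and audit bullets above."""
    cp, out = _load(text), []
    for key in ("ssl_ca", "ssl_cert", "ssl_key"):        # client <-> server TLS
        if not _get(cp, "mysqld", key):
            out.append(f"client/server TLS: {key} not set")
    pairs = (p.split("=", 1) for p in _get(cp, "mysqld", "wsrep_provider_options").split(";") if "=" in p)
    provider = {k.strip(): v.strip() for k, v in pairs}
    for key in ("socket.ssl_cert", "socket.ssl_key"):    # node <-> node replication
        if not provider.get(key):
            out.append(f"Galera replication: {key} not set")
    if _get(cp, "sst", "encrypt") in ("", "0"):           # state snapshot transfer
        out.append("SST: [sst] encrypt is off")
    if _get(cp, "mysqld", "server_audit_logging").upper() not in ("ON", "1"):
        out.append("audit: server_audit_logging is not ON")
    if _get(cp, "mysqld", "server_audit").upper() != "FORCE_PLUS_PERMANENT":
        out.append("audit: server_audit plugin can be uninstalled at runtime")
    return out

if __name__ == "__main__":
    for line in findings(SAMPLE_CNF):
        print(line)
```

The check only confirms that the options are present; a non-zero `encrypt` value in `[sst]` still needs its matching key and certificate options, and a real my.cnf that uses `!includedir` must be flattened before parsing.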
3. MariaDB Corporation services
What MariaDB Corporation offers us
● Remote DBA available 24/7
● Technical support from the core developers
● We feel listened to!
  ● Bugs treated with high priority
  ● Feature requests pushed to the top
● Great tools included : MonYOG, Zmanda